US11411920B2 - Method and system for creating a secure public cloud-based cyber range - Google Patents

Info

Publication number: US11411920B2
Application number: US15/929,633
Other versions: US20200366650A1 (en)
Authority: United States
Prior art keywords: cloud, cyber, network, cyber range, range
Legal status: Active, expires (as listed by Google Patents; an assumption, not a legal conclusion)
Inventors: Gary D. Morton, Paul Randy Thornton, Ryan Pressley
Original and current assignee: Circadence Corp
Application filed by Circadence Corp; priority to US15/929,633; published as US20200366650A1; granted as US11411920B2.
Assigned to Circadence Corporation (assignment of assignors' interest) by Morton, Gary D. and Pressley, Ryan, and separately by Thornton, Paul Randy.

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/02 ... for separating internal from external traffic, e.g. firewalls
              • H04L 63/0272 Virtual private networks
              • H04L 63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
                • H04L 63/0218 Distributed architectures, e.g. distributed firewalls
              • H04L 63/0227 Filtering policies
            • H04L 63/14 ... for detecting or protecting against malicious traffic
              • H04L 63/1408 ... by monitoring network traffic

Abstract

Disclosed are methods and systems for creating a secure and dynamic public cloud-based cyber range by first creating a plurality of subscription-based virtual private networks on each of a plurality of public computing platforms. The public computing platforms may be accessible via a network, and may include at least one server. At least one virtual cyber range may be created relative to each of said private networks. Each cyber range may include a virtual network of one or more virtual computing components. The network traffic of said cyber ranges may be managed via at least one master controller to isolate said cyber range from a remainder of said public computing platforms not accessible via said network.

Description

RELATED APPLICATION DATA
This application claims priority to U.S. Application Ser. No. 62/848,916, filed May 16, 2019, which is incorporated herein by reference in its entirety.
FIELD OF THE INVENTION
The present invention relates to the creation of cyber ranges.
BACKGROUND OF THE INVENTION
A cyber range is a virtual environment used to configure cyber training scenarios, facilitate activities associated with training scenarios, and support evaluation activities. The purpose of a cyber range is to create an environment where participants can safely practice with the latest cyber warfare tools and against the latest cyber threats without any security concerns or ramifications to existing operational systems.
As illustrated in FIG. 1, existing cyber ranges utilize virtual environments to provide a practice environment where cyber warriors or IT professionals can hone their skills.
In prior art systems, a cloud provider provides technology to create a private network environment as the foundation of the cyber range. This typically involves the use of third party software packages such as Azure's Virtual Network (VNET) or AWS's Virtual Private Cloud (VPC) to create a dedicated private network environment.
Existing public cloud-provided private network environments have severe limitations and are not sufficient to create a training environment where malware and malicious users are allowed to roam in order to experience a wide range of training scenarios. Other limitations of cyber ranges relate to problems associated with complex training scenarios, including a lack of support for the sophisticated networking topologies found in many physical networks.
Further, network traffic analysis and forensics is a core capability required in a cyber range. In order to support that specific cyber range requirement, network traffic must be routed through the virtualized range the same way it would be in a physical instantiation. However, implementing public clouds within the cyber range poses a challenge, given that routing is handled by the cloud provider.
Traffic needs to be forced through in-range routers, firewalls, and switches when traversing between cyber range networks without artifacts of the underlying public cloud routing. In order to eliminate the limitation of the prior art, the described invention creates specialized routes to steer traffic through the correct sequence of virtual machines to emulate the expected layer 3 routing.
Typically in the real world, network traffic analyzing devices (IDS, IPS, etc.) are used to detect anomalous behaviors. These devices typically use port mirrors or port spans off of routers and firewalls to capture all ingress and egress traffic coming in and out of the network(s) they are monitoring. Public cloud providers do not support this requirement natively.
A need exists to address these and other issues associated with existing cyber ranges.
SUMMARY OF THE INVENTION
Aspects of the invention comprise methods, systems and devices for creating a public cloud-based cyber range which is preferably secure, dynamic and realistic.
One aspect of the invention is a public cloud-based cyber range, e.g. one which is implemented relative to existing public cloud resources and is not based upon private resources.
In one embodiment, limitations associated with the scalability of the cyber range relative to such public clouds are overcome by utilizing multiple subscriptions.
One aspect of the invention is a secure public cloud-based cyber range where threats and other cyber activities are contained and unable to breach the range perimeter into the public domain.
Another aspect of the invention is a cyber range where activities can be paused and restored, such as by allowing participants to continue their event from a known state at a later date.
Other aspects of the invention comprise a public cloud-based cyber range which supports realistic networking, which supports dynamic range services, and where the cyber range can readily be created, destroyed and modified.
Further objects, features, and advantages of the present invention over the prior art will become apparent from the detailed description of the drawings which follows, when considered with the attached figures.
DESCRIPTION OF THE DRAWINGS
FIG. 1 schematically illustrates the topology of a prior art cyber range;
FIG. 2 schematically illustrates aspects of a configuration of a private network-based cyber range;
FIG. 3 illustrates aspects of load balancing in a public cloud-based cyber range in accordance with an embodiment of the invention;
FIG. 4 illustrates aspects of asset emulation in a public cloud-based cyber range of the invention; and
FIG. 5 illustrates aspects of public cloud-based cyber range support in accordance with an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
In the following description, numerous specific details are set forth in order to provide a more thorough description of the present invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these specific details. In other instances, well-known features have not been described in detail so as not to obscure the invention.
Aspects of the invention comprise methods, systems and devices for creating a public-cloud based cyber range which is preferably secure, dynamic and realistic.
Public Cloud-Based Cyber Range
In a preferred embodiment, a cyber range is provided and supported. The cyber range is public cloud-based. In contrast to the prior art, where a cyber range provider creates and uses their own network infrastructure to support a cyber range (a “private” cyber range), in accordance with the invention a cyber range is created and supported via one or more existing, publicly accessible platforms or networks.
This aspect of the invention has numerous advantages over the prior art. First, “private” cyber ranges are expensive to create and are not readily scalable, either up or down in size. Also, the costs to a user of such a private range are generally higher because only the users of the range are dividing up the cost of the associated supporting infrastructure.
On the other hand, in accordance with the invention, the use of public clouds allows the size of the cyber range to easily be scaled up or down because the existing infrastructure already exists and does not need to be changed by the cyber range provider. Also, the costs to the users can be much lower because other users of the associated public infrastructure for other purposes lowers the pro-rata cost thereof to all users.
In some embodiments, public cloud providers limit the number of private networks that a customer can operate at any one time, which would thus normally restrict the number of cyber ranges that can be launched concurrently. In one embodiment which utilizes Microsoft's AZURE virtual network construct, which is subscription based, multiple subscriptions are used to generate a public cloud-based range of the desired size/scale. In one embodiment,
In addition, in one embodiment load balancing is implemented relative to the cyber range, illustrated in FIG. 3, to scale the system to support expanded training environment scenarios.
Public Cloud-Based Cyber Range Security
One aspect of the invention creates a secure public cloud-based cyber range—e.g. one where threats and other cyber activities are contained and unable to breach the range perimeter into the public domain (e.g. whereby activities occurring within the range are isolated or contained).
Another aspect of the invention locks down access to and from the cyber range to restrict incoming and outgoing traffic to specific protocols and known “good” agents.
The described invention uses a master controller to manage the ingress/egress of network traffic and further isolate the cyber range from the rest of the public cloud. See FIG. 2.
Another aspect of the invention enables users of the system to go beyond the limitations of private networks associated with the configuration of cyber ranges, wherein the number of cyber ranges that can be launched concurrently is no longer restricted.
An additional aspect of the invention locks down the system to restrict incoming and outgoing traffic to specific protocols and known “good” agents by using a master controller to handle the ingress/egress network traffic and further isolate the cyber range from the rest of the public cloud.
Dynamic Cyber Range
In a preferred embodiment of the invention, support for common (virtual) network appliances is provided to create a high fidelity cyber training practice environment.
Another aspect of the invention is the ability to create, destroy and reconstruct the range environment to enable participants to repeatedly practice with and against the latest weapons and tactics.
Another aspect of the invention provides traffic capture forensics functionality to show the expected host and routing information and flows through the cyber range's virtual routers and switches during live training scenarios.
Another aspect of the invention provides port mirroring via firewalls, routers, and switches to support network monitoring and analysis systems such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to analyze all of the cyber range internal networks' traffic.
Cyber Range Creation and Destruction
Another aspect of the invention includes a converter to convert cyber range definitions into cloud specific characteristics to efficiently replicate specific environments repeatedly.
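The route steering described in the background (forcing traffic between range networks through in-range routers and firewalls to emulate layer 3 hops), the master controller's ingress/egress lock-down to known “good” agents, and the definition-to-cloud converter above can be sketched together. The following Python is an added example, not code from the patent or from Circadence: it assumes a toy range definition with three constructed networks and two constructed appliances, emits route entries that only mirror the shape of a cloud user-defined route (prefix, next hop type, next hop address) rather than calling any SDK, and applies a default-deny allow-list policy.

```python
# Added example (not from the patent or Circadence): a toy converter that turns a
# cyber range definition into per-network steering routes, which force traffic
# between range networks (and toward the public network) through in-range
# router/firewall VMs, plus the master controller's default-deny perimeter policy.
# Names, CIDRs and addresses are constructed; the route dicts only mirror the shape
# of a cloud user-defined route and are not a real cloud API call.
from collections import deque
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

INTERNET = "0.0.0.0/0"

@dataclass
class Appliance:
    """In-range router/firewall VM; interfaces maps network name -> its IP there."""
    name: str
    interfaces: Dict[str, str]

@dataclass
class RangeDefinition:
    networks: Dict[str, str]     # network name -> CIDR
    appliances: List[Appliance]
    edge_network: str            # network where the master controller sits
    controller_ip: str           # master controller address on edge_network

def _adjacency(defn: RangeDefinition) -> Dict[str, List[Tuple[str, Appliance]]]:
    """Networks are graph nodes; every appliance joining two networks is an edge."""
    adj: Dict[str, List[Tuple[str, Appliance]]] = {n: [] for n in defn.networks}
    for app in defn.appliances:
        for a in app.interfaces:
            adj[a].extend((b, app) for b in app.interfaces if b != a)
    return adj

def _first_hop(adj, src: str, dst: str) -> Optional[Appliance]:
    """BFS over networks: the appliance that is the first hop on a shortest path
    src -> dst, or None when no in-range path exists."""
    seen = {src}
    queue = deque()
    for nbr, app in adj[src]:
        if nbr not in seen:
            seen.add(nbr)
            queue.append((nbr, app))
    while queue:
        node, via = queue.popleft()
        if node == dst:
            return via
        for nbr, _ in adj[node]:
            if nbr not in seen:
                seen.add(nbr)
                queue.append((nbr, via))  # carry the first-hop appliance along
    return None

def build_steering_routes(defn: RangeDefinition) -> Dict[str, List[dict]]:
    """Per network: one route for every other range network plus a default route.
    Each next hop is an in-range appliance interface on the source network, so the
    cloud fabric never forwards between range networks on its own."""
    adj = _adjacency(defn)
    tables: Dict[str, List[dict]] = {}
    for src in defn.networks:
        routes = []
        targets = [(cidr, dst) for dst, cidr in defn.networks.items() if dst != src]
        targets.append((INTERNET, defn.edge_network))  # internet-bound goes to the edge
        for prefix, dst in targets:
            if dst == src:                 # edge network hands 0.0.0.0/0 to the controller
                next_hop = defn.controller_ip
            else:
                hop = _first_hop(adj, src, dst)
                if hop is None:
                    raise ValueError(f"no in-range path from {src} to {dst}")
                next_hop = hop.interfaces[src]
            routes.append({"prefix": prefix, "next_hop_type": "VirtualAppliance",
                           "next_hop": next_hop})
        tables[src] = routes
    return tables

def next_hops(defn: RangeDefinition, net: str) -> Dict[str, str]:
    """Convenience view: prefix -> next hop address for one network's table."""
    return {r["prefix"]: r["next_hop"] for r in build_steering_routes(defn)[net]}

@dataclass
class PerimeterPolicy:
    """Master controller allow-list of (direction, protocol, port, agent CIDR);
    anything not listed is denied, so range activity stays contained."""
    rules: List[Tuple[str, str, int, str]] = field(default_factory=list)

    def decide(self, direction: str, proto: str, port: int, peer_ip: str) -> str:
        for d, p, prt, agent in self.rules:
            if (d, p, prt) == (direction, proto, port) and ip_address(peer_ip) in ip_network(agent):
                return "allow"
        return "deny"

# Constructed sample: a DMZ holding the master controller, a corp network behind an
# edge firewall, and an OT network behind a core router.
SAMPLE_RANGE = RangeDefinition(
    networks={"dmz": "10.10.0.0/24", "corp": "10.10.1.0/24", "ot": "10.10.2.0/24"},
    appliances=[Appliance("fw-edge", {"dmz": "10.10.0.1", "corp": "10.10.1.1"}),
                Appliance("rtr-core", {"corp": "10.10.1.2", "ot": "10.10.2.1"})],
    edge_network="dmz", controller_ip="10.10.0.254")
# Known "good" agent: a trainer VPN concentrator (constructed TEST-NET-2 range) on TCP/443.
SAMPLE_POLICY = PerimeterPolicy(rules=[("ingress", "tcp", 443, "198.51.100.0/24"),
                                       ("egress", "tcp", 443, "198.51.100.0/24")])
```

With the sample definition, traffic from the OT network to the DMZ is steered first to the core router and then to the edge firewall, and the only traffic that may cross the perimeter in either direction is TCP/443 to or from the constructed trainer agent range.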
Other aspects of the invention include installing and triggering malware or other threats and varying the internal network and system configuration.
Systems Virtualization and Isolation
Another aspect of the invention is the implementation of nested virtualization (LXC) and systems resource isolation to emulate physically separate assets within the cyber range. The ranges implemented by the described invention combine Azure native virtual-machines with nested Linux system virtual machines to provide additional endpoint and routing services on the network as illustrated in FIG. 4.
Realistic Networking
Another aspect of the invention eliminates the limitation of public cloud providers by providing a cyber range environment that supports a logical mirror capability that can be run off any of the routers or firewalls.
Cyber Range Suspend and Resume
Another aspect of the invention is to pause or suspend a range and later resume cyber range training activities from the specific state and point in time at which it had been suspended. Allowing players to stop, come back later and continue from that point makes completing longer, more complex training exercises more manageable.
Dynamic Ranges
Another aspect of the invention allows the operator to change the cyber range on the fly due to situational changes or updated training objectives. Such changes may vary from adding a new system to changing the topology by adding a new network of networks. The added (or removed) systems can be virtual or physical depending on the user's cyber training requirements.
The described invention provides functionality to support dynamic ranges from a public cloud to enable hybrid and multi-cloud cyber ranges along with hardware in the loop. Changes in configuration can be initiated manually by a trainer or administrator, or by an AI agent based on mission-play heuristics.
As illustrated in FIG. 5, the presented invention provides a secure VPN connection to integrate external components (virtual or physical) into the cyber range. These attached enclaves support the isolation and containment requirements related to training.
Dynamic Services
In addition to the dynamic range, another aspect of the described invention dynamically changes the services available to add a new dimension to the player experience. Updating services to make them vulnerable, or patching them to close vulnerabilities, in real time based on AI or management-directed heuristics allows for additional changes in the playing field and the challenge.
Unlocking Additional Cyber Range Elements
Another aspect of the invention provides functionality to unlock or add additional cyber range elements based on game play success. Such elements include a network (or set of networks), a new device, or a new service.
Public Cloud Cyber Range Pricing Models
Other aspects of the invention provide novel methods for pricing options and other cyber range training pricing functionality, including: utility pricing based on time/resource usage, discounts/awards based on top performance, play-again incentives, threat-based pricing where users' costs are based on which threats/scenarios are chosen, level(s) and sophistication-based charges, dynamic threat selection pricing wherein the trainer can adjust threat and complexity, and adding virtual or physical devices and services.
It will be understood that the above described arrangements of apparatus and the method therefrom are merely illustrative of applications of the principles of this invention, and many other embodiments and modifications may be made without departing from the spirit and scope of the invention as defined in the claims.

Claims (17)

What is claimed is:
1. A method of creating a secure public cloud-based cyber range comprising:
creating a plurality of subscription-based virtual private networks on each of a plurality of public cloud-based computing platforms which are accessible via a public network, each public cloud-based computing platform of said plurality of public cloud-based computing platforms comprising at least one server;
creating a cloud-based cyber range relative to each subscription-based virtual private network of said plurality of subscription-based virtual private networks, wherein said cloud-based cyber range has a configuration comprising one or more characteristics, said characteristics comprising one or more services and a topology comprising a set of physical computing components and/or one or more virtual computing components comprising one or more of the following: a network host, a network router, a network switch, a firewall, cyber threat, an internal network, and a system configuration, and wherein said cloud-based cyber range is used to implement a cyber-training exercise having one or more challenges associated with a training objective, relative to a playing field defined by said topology; and
managing network traffic of said cloud-based cyber range via at least one master controller, said master controller isolating said cloud-based cyber range such that access to the cloud-based cyber range via the public network and access from the cloud-based cyber range to the public network is restricted;
wherein said topology of said cloud-based cyber range is modifiable based upon at least the training objective of said cloud-based cyber range, and wherein said one or more services are dynamically modifiable to add a new dimension to a player experience of said cyber-training exercise, at least one modification to one of said services comprising making the service vulnerable or patching the service to close vulnerabilities in real time based on Artificial Intelligence (AI) or management directed heuristics so as to change said playing field and at least one of said challenges.
2. The method in accordance with claim 1 wherein said cloud-based cyber range is generated from one or more cyber range templates which define one or more of said characteristics of said cloud-based cyber range.
3. The method in accordance with claim 1 further comprising the step of storing a state of said cloud-based cyber range at a first time and restoring said cloud-based cyber range to said state at a second time later than said first time.
4. A method of creating a secure public cloud-based cyber range comprising:
creating a virtual private network on a public cloud-based computing platform, said public cloud-based computing platform accessible via a public network;
generating a cloud-based cyber range on said virtual private network, said cloud-based cyber range having a configuration comprising one or more characteristics, said characteristics comprising one or more services and a topology comprising a set of physical computing components and/or said one or more virtual computing components comprising one or more of the following: a network host, a network router, a network switch, a firewall, cyber threat, an internal network, and a system configuration, and wherein said cloud-based cyber range is used to implement a cyber-training exercise having one or more challenges associated with a training objective, relative to a playing field defined by said topology;
modifying said topology of said cloud-based cyber range based upon at least the training objective of said cloud-based cyber range, and dynamically modifying one or more services to add a new dimension to a player experience of said cyber-training exercise, at least one modification to one of said services comprising making the service vulnerable or patching the service to close vulnerabilities in real time based on Artificial Intelligence (AI) or management directed heuristics so as to change said playing field and at least one of said challenges;
restricting, via a master controller, cyber range activities within said cyber range perimeter; and
restricting, via said master controller, network traffic to said cyber range protocols.
5. The method of claim 4 wherein said cyber threat is either automatically or manually triggered.
6. The method of claim 4 wherein said cyber threat comprises malware.
7. The method of claim 4 wherein said cloud-based cyber range is configured to operate on any router or firewall using a logical mirror.
8. The method of claim 4 further comprising the step of capturing network traffic forensics.
9. The method of claim 4 wherein said cloud-based cyber range further comprises port mirroring to support network monitoring systems and network analysis systems.
10. A method of creating a dynamic cloud-based cyber range comprising:
creating a first virtual private network on a first cloud-based computing platform which is accessible via a public network;
generating, on said first virtual private network, a cloud-based cyber range in accordance with a set of cyber range definitions, said set of cyber range definitions comprising a cyber range perimeter, a set of cyber range protocols, and one or more characteristics, said characteristics comprising one or more services and a topology comprising a set of physical computing components and/or said one or more virtual computing components comprising one or more of the following: a network host, a network router, a network switch, a firewall, cyber threat, an internal network, and a system configuration, and wherein said cloud-based cyber range is used to implement a cyber-training exercise having one or more challenges associated with a training objective, relative to a playing field defined by said topology;
restricting, via a master controller, cyber range activities within said cyber range perimeter;
restricting, via said master controller, network traffic incoming to and outgoing from the cloud-based cyber range in accordance with said set of cyber range protocols;
modifying said topology of said cloud-based cyber range based upon at least the training objective of said cloud-based cyber range, and dynamically modifying one or more services to add a new dimension to a player experience of said cyber-training exercise, at least one modification to one of said services comprising making the service vulnerable or patching the service to close vulnerabilities in real time based on Artificial Intelligence (AI) or management directed heuristics so as to change said playing field and at least one of said challenges; and
updating said set of cyber range definitions.
11. The method of claim 10 further comprising the step of storing said set of cyber range definitions in cloud storage.
12. The method of claim 11 wherein said set of cyber range definitions stored in cloud storage are used to create said cloud-based cyber range on a second virtual private network.
13. The method of claim 12 wherein said second virtual private network is created relative to a second cloud-based computing platform.
14. The method of claim 13 wherein said second cloud-based computing platform is accessible via said public network.
15. The method of claim 10 wherein said set of cyber range definitions is based on said training objective.
16. The method of claim 15 wherein said updating of said set of cyber range definitions is responsive to updating said training objective.
17. The method of claim 10 wherein said updating of said set of cyber range definitions comprises adding, deleting, or modifying one or more of the following: a network system, a virtual network, and a physical network.
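As an added illustration (not the patent's or Circadence's code), a toy Python model of the master controller and cyber range definitions of claim 10: a perimeter and a protocol allowlist gate every flow crossing the range boundary in either direction, and the definitions can be updated (claim 17) and serialised for storage and reuse on a second platform (claims 11 and 12). The class and field names, CIDRs, ports and sample flows are all constructed for this example.

```python
import ipaddress
import json
from dataclasses import dataclass, field, asdict
@dataclass
class RangeDefinitions:
    """Claim-10 'set of cyber range definitions' (field names are assumed)."""
    perimeter: list       # CIDRs that make up the cyber range
    protocols: list       # [proto, port] pairs allowed across the boundary
    components: list = field(default_factory=list)  # hosts, routers... (claim 17)

    def update(self, add=(), delete=()):
        """Claim 17: add or delete network systems from the definitions."""
        self.components = [c for c in self.components if c not in delete] + list(add)

    def to_json(self):
        """Claim 11: serialise for cloud storage; claim 12 rebuilds from it."""
        return json.dumps(asdict(self))

    @classmethod
    def from_json(cls, text):
        return cls(**json.loads(text))

class MasterController:
    """Gates every flow that crosses the cyber range perimeter."""
    def __init__(self, defs):
        self.nets = [ipaddress.ip_network(c) for c in defs.perimeter]
        self.allowed = {tuple(p) for p in defs.protocols}

    def inside(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in n for n in self.nets)

    def permit(self, src, dst, proto, port):
        """Traffic staying inside the perimeter passes; anything entering or
        leaving the range must match an allowed cyber range protocol."""
        if self.inside(src) and self.inside(dst):
            return True
        return (proto, port) in self.allowed

def audit(ctl, flows):
    """(flow, decision) pairs: what a defender would log at the range boundary."""
    return [(f, ctl.permit(*f)) for f in flows]
# Constructed sample definitions and flows (not from the patent).
DEFS = RangeDefinitions(perimeter=["10.50.0.0/16"], protocols=[["tcp", 443]],
                        components=["web-host", "core-router"])
FLOWS = [("10.50.1.10", "10.50.2.20", "tcp", 22),      # inside the range
         ("203.0.113.7", "10.50.1.10", "tcp", 443),    # trainee portal, allowed in
         ("10.50.2.20", "198.51.100.9", "tcp", 8080),  # range host reaching out: dropped
         ("10.50.1.10", "10.50.9.9", "udp", 53)]       # inside the range
```

Running `audit(MasterController(DEFS), FLOWS)` shows only the outbound flow to 198.51.100.9 dropped; the same decisions come out of a controller rebuilt from `DEFS.to_json()`, which is the point of storing the definitions.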
Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/929,633 US11411920B2 (en) 2019-05-16 2020-05-13 Method and system for creating a secure public cloud-based cyber range

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201962848916P 2019-05-16 2019-05-16
US15/929,633 US11411920B2 (en) 2019-05-16 2020-05-13 Method and system for creating a secure public cloud-based cyber range

Publications (2)

Publication Number Publication Date
US20200366650A1 US20200366650A1 (en) 2020-11-19
US11411920B2 (en) 2022-08-09

Family

ID=73230926

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/929,633 Active 2040-06-19 US11411920B2 (en) 2019-05-16 2020-05-13 Method and system for creating a secure public cloud-based cyber range

Country Status (1)

Country Link
US (1) US11411920B2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113438103B (en) * 2021-06-08 2023-08-22 博智安全科技股份有限公司 Large-scale network shooting range, construction method, construction device and construction equipment thereof
CN113691416A (en) * 2021-07-29 2021-11-23 中科兴云(北京)科技有限公司 Distributed layered deployed network target range management platform
CN113676363B (en) * 2021-10-22 2022-02-18 南京赛宁信息技术有限公司 Network target range flow generation system and method
CN114417633B (en) * 2022-01-27 2022-11-08 北京永信至诚科技股份有限公司 Network shooting range scene construction method and system based on parallel simulation six-tuple
CN115617463B (en) * 2022-11-21 2023-03-03 博智安全科技股份有限公司 Target creating system and method based on virtualization platform

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040268147A1 (en) * 2003-06-30 2004-12-30 Wiederin Shawn E Integrated security system
US20060203736A1 (en) * 2005-03-10 2006-09-14 Stsn General Holdings Inc. Real-time mobile user network operations center
US20060247060A1 (en) * 2005-04-15 2006-11-02 Larry Hanson Internet professional sports
US20070005954A1 (en) * 2000-01-07 2007-01-04 Terry Skemer Distributed subscriber management system
US20100306773A1 (en) * 2006-11-06 2010-12-02 Lee Mark M Instant on Platform
US8108931B1 (en) * 2008-03-31 2012-01-31 Symantec Corporation Method and apparatus for identifying invariants to detect software tampering
US8429630B2 (en) * 2005-09-15 2013-04-23 Ca, Inc. Globally distributed utility computing cloud
US8572247B2 (en) * 1998-10-30 2013-10-29 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US20190245714A1 (en) * 2006-12-29 2019-08-08 Kip Prod P1 Lp System and method for providing network support services and premises gateway support infrastructure
US10777093B1 (en) * 2008-02-19 2020-09-15 Architecture Technology Corporation Automated execution and evaluation of network-based training exercises

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Cyberbit, Cloud Based Cyber Range, https://www.cyberbit.com/solutions/cyber-range/cloud-cyber-range/, accessed Aug. 18, 2020, 10 pages.

Also Published As

Publication number Publication date
US20200366650A1 (en) 2020-11-19

Legal Events

Code Title Description
FEPP Fee payment procedure - ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY
FEPP Fee payment procedure - ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY
STPP Information on status: patent application and granting procedure in general - APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED
STPP Information on status: patent application and granting procedure in general - DOCKETED NEW CASE - READY FOR EXAMINATION
STPP Information on status: patent application and granting procedure in general - NON FINAL ACTION MAILED
STPP Information on status: patent application and granting procedure in general - RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER
STPP Information on status: patent application and granting procedure in general - FINAL REJECTION MAILED
STPP Information on status: patent application and granting procedure in general - ADVISORY ACTION MAILED
STPP Information on status: patent application and granting procedure in general - DOCKETED NEW CASE - READY FOR EXAMINATION
STPP Information on status: patent application and granting procedure in general - NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS
AS Assignment
  Owner name: CIRCADENCE CORPORATION, COLORADO - ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MORTON, GARY D.;PRESSLEY, RYAN;SIGNING DATES FROM 20220530 TO 20220609;REEL/FRAME:060403/0505
  Owner name: CIRCADENCE CORPORATION, COLORADO - ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:THORNTON, PAUL RANDY;REEL/FRAME:060402/0915; Effective date: 20220614
STCF Information on status: patent grant - PATENTED CASE